Re: [ServiceWorker] "unload" event and Service Workers (#731) from Matthew Bauer on 2015-08-15 (public-webapps-github@w3.org from August 2015)

From: Matthew Bauer <notifications@github.com>
Date: Sat, 15 Aug 2015 13:23:04 -0700
To: slightlyoff/ServiceWorker <ServiceWorker@noreply.github.com>
Message-ID: <slightlyoff/ServiceWorker/issues/731/131442574@github.com>

What kind of monitoring is actually possible with Service Workers? The lifetime of a service worker can only be extended through a promise from an [ExtendableEvent](https://slightlyoff.github.io/ServiceWorker/spec/service_worker/index.html#extendablemessage-event-section) and right now only "install", "activate", and "message" extend it. So, I think that any of these events could extend past a context close. But, from there what user information is really available? Once the client is closed the Service Worker should be confined to previously gathered information. I suppose there could be some clever abuses of the Web Worker context but even that should be confined to the same-origin policy.

The spec right now leaves [the max lifetime up to browser vendors](https://slightlyoff.github.io/ServiceWorker/spec/service_worker/index.html#wait-until-method). So, the spec should plan for a browser vendor having no limit for the "waitUntil" event. What's the worst that could happen?

I think the biggest concern to "zombie service workers" would be using up resources for something the user doesn't want. The fetch API would let a service worker make unwanted or even malicious HTTP requests. Runtime cycles could be used to [mine Bitcoins](https://github.com/derjanb/hamiyoca). Dumb service workers could use CPU cycles without any real reason. In aggregate, this could definitely make it possible for even benign service workers to become resource hogs. Most modern browsers already have methods to prevent tabs from using too many resources and those could apply here as well. However, I think it still needs to be considered that a bad yet fully compliant implementation of this spec ***as currently written*** could enable some malicious service workers. Of course, this isn't anything that isn't possible in a normal JavaScript context- it's just much more powerful when there isn't an obvious way to "kill" a zombie service worker.

Although I still like my original "save-on-exit" use case, I'm thinking now that it would enable malicious use. Would it be possible to require that browsers clear the "extendLifetimePromises" array when all of a service workers associated clients are are terminated?

---
Reply to this email directly or view it on GitHub:
https://github.com/slightlyoff/ServiceWorker/issues/731#issuecomment-131442574

Received on Saturday, 15 August 2015 20:23:32 UTC